From 984352d6f1abc80d8a3f21b7462ff9a5892b275f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Feb 2024 10:50:12 +0100 Subject: [PATCH 1/9] Benchmark: remove the legacy-context ECDH block We have two blocks of code to benchmark ECDH. One uses the legacy context structure, which is only enabled when MBEDTLS_ECP_RESTARTABLE is enabled. That block doesn't convey any information that's specific to restartable ECC, it exists only for historical reasons (it came first). The other block uses only the implementation-agnostic API. Remove the block that uses the legacy context. It doesn't provide much extra information and most users won't even see it. Signed-off-by: Gilles Peskine --- programs/test/benchmark.c | 129 -------------------------------------- 1 file changed, 129 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 8fa5d6298..152e073d1 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
@@ -1188,135 +1188,6 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - if (todo.ecdh) { - mbedtls_ecdh_context ecdh; - mbedtls_mpi z; - const mbedtls_ecp_curve_info montgomery_curve_list[] = { -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - { MBEDTLS_ECP_DP_CURVE25519, 0, 0, "Curve25519" }, -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - { MBEDTLS_ECP_DP_CURVE448, 0, 0, "Curve448" }, -#endif - { MBEDTLS_ECP_DP_NONE, 0, 0, 0 } - }; - const mbedtls_ecp_curve_info *curve_info; - size_t olen; - const mbedtls_ecp_curve_info *selected_montgomery_curve_list = - montgomery_curve_list; - - if (curve_list == (const mbedtls_ecp_curve_info *) &single_curve) { - mbedtls_ecp_group grp; - - mbedtls_ecp_group_init(&grp); - if (mbedtls_ecp_group_load(&grp, curve_list->grp_id) != 0) { - mbedtls_exit(1); - } - if (mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { - selected_montgomery_curve_list = single_curve; - } else { /* empty list */ - selected_montgomery_curve_list = single_curve + 1; - } - mbedtls_ecp_group_free(&grp); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh); - - CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecp_copy(&ecdh.Qp, &ecdh.Q)); - - mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", - curve_info->name); - TIME_PUBLIC(title, "handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL))); - mbedtls_ecdh_free(&ecdh); - } - - /* Montgomery curves need to be handled separately */ - for (curve_info = selected_montgomery_curve_list; - 
curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - mbedtls_ecdh_init(&ecdh); - mbedtls_mpi_init(&z); - - CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", - curve_info->name); - TIME_PUBLIC(title, "handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Q, - myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecdh_compute_shared(&ecdh.grp, &z, &ecdh.Qp, - &ecdh.d, - myrand, NULL))); - - mbedtls_ecdh_free(&ecdh); - mbedtls_mpi_free(&z); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh); - - CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecp_copy(&ecdh.Qp, &ecdh.Q)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "ECDH-%s", - curve_info->name); - TIME_PUBLIC(title, "handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL))); - mbedtls_ecdh_free(&ecdh); - } - - /* Montgomery curves need to be handled separately */ - for (curve_info = selected_montgomery_curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - mbedtls_ecdh_init(&ecdh); - mbedtls_mpi_init(&z); - - CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Qp, - myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "ECDH-%s", - curve_info->name); - TIME_PUBLIC(title, 
"handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_compute_shared(&ecdh.grp, &z, &ecdh.Qp, - &ecdh.d, - myrand, NULL))); - - mbedtls_ecdh_free(&ecdh); - mbedtls_mpi_free(&z); - } - } -#endif - #if defined(MBEDTLS_ECDH_C) if (todo.ecdh) { mbedtls_ecdh_context ecdh_srv, ecdh_cli; From 7a3059ac923b8054068eeacccc0cb1278d7578ac Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Feb 2024 10:53:31 +0100 Subject: [PATCH 2/9] Benchmark: not using private fields anymore Signed-off-by: Gilles Peskine --- programs/test/benchmark.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 152e073d1..0861d0ffd 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" From d5f68976e807611e1dc54f9f2e19b4aef9a995a1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Feb 2024 12:05:35 +0100 Subject: [PATCH 3/9] fuzz_pubkey, fuzz_privkey: no real need to access private fields Signed-off-by: Gilles Peskine --- programs/fuzz/fuzz_privkey.c | 4 +--- programs/fuzz/fuzz_pubkey.c | 12 ++++++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index ce7562488..753096406 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include #include #include @@ -73,7 +71,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = ecp->grp.id; + mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); 
diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 9203b4e61..0b153b14d 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include #include #include "mbedtls/pk.h" @@ -49,7 +47,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = ecp->grp.id; + mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); @@ -61,9 +59,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) /* It's a public key, so the private value should not have * been changed from its initialization to 0. */ - if (mbedtls_mpi_cmp_int(&ecp->d, 0) != 0) { + mbedtls_mpi d; + mbedtls_mpi_init(&d); + if (mbedtls_ecp_export(ecp, NULL, &d, NULL) != 0) { abort(); } + if (mbedtls_mpi_cmp_int(&d, 0) != 0) { + abort(); + } + mbedtls_mpi_free(&d); } else #endif { From abf0be392ab3ee13d51b3130907fdeec9930cbbf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Feb 2024 12:07:09 +0100 Subject: [PATCH 4/9] fuzz_dtlsserver: explicitly note the one access to a private field Signed-off-by: Gilles Peskine --- programs/fuzz/fuzz_dtlsserver.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 1632e9df6..fd3e0aa9c 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include #include #include 
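Review bot: In the fuzz_pubkey.c hunk the new `abort()` after `mbedtls_ecp_export(ecp, NULL, &d, NULL)` reports a failed copy of `d` exactly like the invariant violation on the next `if`, so a crash from this block no longer tells the triager whether the private value was non-zero or the export itself failed. As I read mbedtls_ecp_export, it only copies the requested fields, and for a key parsed as public `d` is still the zero value `mbedtls_ecp_keypair_init` gave it, so the realistic failure there is an allocation error rather than a parsing bug; that is worth stating where the comment above already explains the invariant, e.g. `/* Export of d should only fail on allocation failure; a non-zero d is the real finding. */`. If allocation-failure injection is used with this target, consider treating `MBEDTLS_ERR_MPI_ALLOC_FAILED` as "skip this input" instead of a finding. LLVMFuzzerTestOneInput begins and ends outside the hunk.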
@@ -137,7 +135,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ret = mbedtls_ssl_handshake(&ssl); if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - biomemfuzz.Offset = ssl.next_record_offset; + biomemfuzz.Offset = ssl.MBEDTLS_PRIVATE(next_record_offset); mbedtls_ssl_session_reset(&ssl); mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) { From 72da8b35210342c547a484c8e76a8d33daa1ca6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Feb 2024 12:07:29 +0100 Subject: [PATCH 5/9] Don't authorize private access to fields where not actually needed Signed-off-by: Gilles Peskine --- programs/fuzz/fuzz_client.c | 1 - programs/fuzz/fuzz_dtlsclient.c | 1 - programs/fuzz/fuzz_server.c | 1 - programs/fuzz/fuzz_x509crl.c | 1 - programs/fuzz/fuzz_x509crt.c | 1 - programs/fuzz/fuzz_x509csr.c | 1 - programs/ssl/ssl_test_lib.c | 1 - programs/test/metatest.c | 1 - programs/test/selftest.c | 2 -- programs/test/udp_proxy.c | 1 - 10 files changed, 11 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index d4e1d74cd..21d03a3c3 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,4 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 365902684..53f3f786a 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -1,4 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include #include diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index e7678590a..0c88767cf 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,4 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" 
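Review bot: The `biomemfuzz.Offset = ssl.MBEDTLS_PRIVATE(next_record_offset);` line is now the only private-field access left in this fuzz target, but nothing at the use site says why it is unavoidable, so a reader who sees `MBEDTLS_PRIVATE()` in a program after the blanket `MBEDTLS_ALLOW_PRIVATE_ACCESS` was removed will take it for an oversight. The commit title carries the justification; it belongs in the code, something like `/* Private field, deliberately: no public API reports how much of the datagram was consumed before HelloVerifyRequest, and the fuzz input must be replayed from that offset after the session reset below. */` (the replay purpose is my reading of the following `mbedtls_ssl_session_reset()`/`mbedtls_ssl_set_bio()` calls and should be confirmed). Since this ties the fuzzer to the struct layout of this library version, the comment is also the place to say so. LLVMFuzzerTestOneInput begins and ends outside the hunk.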
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 313540d76..89c3ff69b 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -1,4 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include #include "mbedtls/x509_crl.h" diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 8442090cd..9f40cb6ae 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -1,4 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include #include "mbedtls/x509_crt.h" diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 395d3c28e..e19005afe 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -1,4 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include #include "mbedtls/x509_csr.h" diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index a65332ae1..d3ac526f7 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -8,7 +8,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include "ssl_test_lib.h" diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 8e798cd4c..5a45f710b 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -26,7 +26,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include #include diff --git a/programs/test/selftest.c b/programs/test/selftest.c index e132e4c0c..043209b7f 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "mbedtls/build_info.h" #include "mbedtls/entropy.h" diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index c6b56ec09..beaa8bd5e 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c 
@@ -11,7 +11,6 @@ * example of good general usage. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include "mbedtls/build_info.h" From 74589ba31c7244c1586ac1146938fd7fd5e02815 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Feb 2024 12:12:01 +0100 Subject: [PATCH 6/9] ssl_context_info: explicitly note accesses to private fields Signed-off-by: Gilles Peskine --- programs/ssl/ssl_context_info.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index c3ae9427e..1e3e26961 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS +//#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include "mbedtls/build_info.h" #include "mbedtls/debug.h" 
@@ -551,23 +551,23 @@ void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, const mbedtls_md_info_t *md_info; #endif - printf("\tciphersuite : %s\n", ciphersuite_info->name); - printf("\tcipher flags : 0x%02X\n", ciphersuite_info->flags); + printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info)); + printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags)); #if defined(MBEDTLS_CIPHER_C) const mbedtls_cipher_info_t *cipher_info; - cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher); + cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(cipher)); if (cipher_info == NULL) { printf_err("Cannot find cipher info\n"); } else { - printf("\tcipher : %s\n", cipher_info->name); + printf("\tcipher : %s\n", mbedtls_cipher_info_get_name(cipher_info)); } #else /* MBEDTLS_CIPHER_C */ - printf("\tcipher type : %d\n", ciphersuite_info->cipher); + printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_MD_C) - md_info = mbedtls_md_info_from_type(ciphersuite_info->mac); + md_info = mbedtls_md_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(mac)); if (md_info == NULL) { printf_err("Cannot find Message-Digest info\n"); } else { From dd9cbf99c237ba26b645ce379740206c82acd4df Mon Sep 17 00:00:00 2001 
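Review bot: The three remaining `ciphersuite_info->MBEDTLS_PRIVATE(...)` reads (`flags`, `cipher`, `mac`) now sit next to the public `mbedtls_ssl_ciphersuite_get_name()` and `mbedtls_cipher_info_get_name()` calls with no explanation of why they could not be converted too, which is the question the next maintainer will ask. If there is indeed no public accessor for those fields, say so once before the first `printf`: `/* No public accessor for these ciphersuite fields; this diagnostic tool is built in-tree against this exact library version, so private access is acceptable here. */`. The first hunk of this patch only comments the allow-access define out (removed again in patch 9), so the explanatory comment is what should survive. print_deserialized_ssl_session begins and ends outside the hunk.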
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Feb 2024 12:14:28 +0100 Subject: [PATCH 7/9] Benchmark only one side of ECDH, both static and ephemeral MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Static ECDH is of interest to us as developers because it's a generic scalar multiplication (as opposed to using the standard base point) and it's useful to have that handy. For reference the other operations of interest to developers are: - multiplication of the conventional base point: ECDSA signing is almost exactly that (just a few field ops on top, notably 1 inversion); - linear combination: ECDSA verification is almost exactly that too. Including ephemeral as well, because it's hopefully what's of interest to most users. Compared to the previous version, include only one side of the operations. I don't think including both sides is of interest to anyone. Signed-off-by: Manuel Pégourié-Gonnard --- programs/test/benchmark.c | 71 +++++++++++++++++++++++++++------------ 1 file changed, 49 insertions(+), 22 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 0861d0ffd..93c17291f 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
@@ -1191,7 +1191,39 @@ int main(int argc, char *argv[]) mbedtls_ecdh_context ecdh_srv, ecdh_cli; unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE]; const mbedtls_ecp_curve_info *curve_info; - size_t olen; + size_t params_len, publen, seclen; + + for (curve_info = curve_list; + curve_info->grp_id != MBEDTLS_ECP_DP_NONE; + curve_info++) { + if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { + continue; + } + + mbedtls_ecdh_init(&ecdh_srv); + + CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); + CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, + sizeof(buf_srv), myrand, NULL)); + + mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name); + TIME_PUBLIC(title, + "ephemeral handshake", + const unsigned char *p_srv = buf_srv; + mbedtls_ecdh_init(&ecdh_cli); + + CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, + p_srv + params_len)); + CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, + sizeof(buf_cli), myrand, NULL)); + + CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, + sizeof(buf_cli), myrand, NULL)); + mbedtls_ecdh_free(&ecdh_cli); + ); + + mbedtls_ecdh_free(&ecdh_srv); + } for (curve_info = curve_list; curve_info->grp_id != MBEDTLS_ECP_DP_NONE; 
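Review bot: The "ephemeral handshake" body calls `mbedtls_ecdh_init(&ecdh_cli)` inside `TIME_PUBLIC` and relies on the trailing `mbedtls_ecdh_free(&ecdh_cli)`, but the three `CHECK_AND_CONTINUE` calls in between can `continue`; both macros are defined outside the hunk, and if `TIME_PUBLIC` expands to a loop as elsewhere in this file, that `continue` re-enters the timed body without freeing the client context and prints the skip message on every iteration until the alarm fires. The same skip path exists in the next hunk's "static handshake" loop, where the `CHECK_AND_CONTINUE` calls now precede the two `mbedtls_ecdh_free` calls at the end of the curve loop body, so a curve that returns the unsupported error leaks whatever `mbedtls_ecdh_setup`/`mbedtls_ecdh_make_params` allocated. I would collect the set-up return codes into a local `int ret` and free both contexts before handing it to the macro, along the lines of `if (ret != 0) { mbedtls_ecdh_free(&ecdh_cli); mbedtls_ecdh_free(&ecdh_srv); }` followed by `CHECK_AND_CONTINUE(ret);`, keeping only calls that cannot skip inside the timed body. main begins and ends outside the hunk.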
@@ -1203,31 +1235,26 @@ int main(int argc, char *argv[]) mbedtls_ecdh_init(&ecdh_srv); mbedtls_ecdh_init(&ecdh_cli); - mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name); + CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); + CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, + sizeof(buf_srv), myrand, NULL)); + + const unsigned char *p_srv = buf_srv; + CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, + p_srv + params_len)); + CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, + sizeof(buf_cli), myrand, NULL)); + + + mbedtls_snprintf(title, sizeof(title), "ECDH-%s", curve_info->name); TIME_PUBLIC(title, - "full handshake", - const unsigned char *p_srv = buf_srv; - - CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, &olen, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, - p_srv + olen)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &olen, buf_cli, + "static handshake", + CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, sizeof(buf_cli), myrand, NULL)); - - CHECK_AND_CONTINUE(mbedtls_ecdh_read_public(&ecdh_srv, buf_cli, olen)); - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_srv, &olen, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &olen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - mbedtls_ecdh_free(&ecdh_cli); - - mbedtls_ecdh_free(&ecdh_srv); ); + mbedtls_ecdh_free(&ecdh_cli); + mbedtls_ecdh_free(&ecdh_srv); } } #endif From f6eb0b8ab0adecd02ad49d7e3d037d18335cd791 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Feb 2024 12:42:46 +0100 Subject: [PATCH 8/9] Changelog entry for benchmark improvement 
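Review bot: Neither loop says what its reported time covers, and the two titles differ only by one letter, so the distinction the commit message explains (static ECDH as a generic scalar multiplication versus the client side of an ephemeral exchange) is lost in the code. Suggest a comment above this loop, `/* Static ECDH: time one shared-secret computation with a fixed key pair, i.e. a generic scalar multiplication; set-up is done outside the timed region. */`, and a matching one above the ephemeral loop in the previous hunk, `/* Ephemeral ECDH: time the client side of one exchange (parse server params, generate a key pair, compute the shared secret). */`. There are also two consecutive blank added lines before the `mbedtls_snprintf(title, ...)` call, which the project's formatter will likely flag. main begins and ends outside the hunk.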
Signed-off-by: Gilles Peskine --- ChangeLog.d/benchmark-ecdh.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/benchmark-ecdh.txt diff --git a/ChangeLog.d/benchmark-ecdh.txt b/ChangeLog.d/benchmark-ecdh.txt new file mode 100644 index 000000000..ef243b803 --- /dev/null +++ b/ChangeLog.d/benchmark-ecdh.txt @@ -0,0 +1,3 @@ +Features + * The benchmark program now reports times for both ephemeral and static + ECDH in all ECDH configurations. From 7f72a06e02290ee3d81f972fb88d46db20658ea2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Feb 2024 18:41:25 +0100 Subject: [PATCH 9/9] Remove cruft Signed-off-by: Gilles Peskine --- programs/fuzz/fuzz_client.c | 1 - programs/fuzz/fuzz_dtlsclient.c | 1 - programs/fuzz/fuzz_server.c | 1 - programs/fuzz/fuzz_x509crl.c | 1 - programs/fuzz/fuzz_x509crt.c | 1 - programs/fuzz/fuzz_x509csr.c | 1 - programs/ssl/ssl_context_info.c | 2 -- 7 files changed, 8 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 21d03a3c3..07ca96efa 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,4 +1,3 @@ - #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 53f3f786a..6581dcb1e 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -1,4 +1,3 @@ - #include #include #include diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 0c88767cf..64b35edb9 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,4 +1,3 @@ - #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 89c3ff69b..151db92c8 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -1,4 +1,3 @@ - #include #include "mbedtls/x509_crl.h" 
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 9f40cb6ae..3eee07258 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -1,4 +1,3 @@ - #include #include "mbedtls/x509_crt.h" diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index e19005afe..7946e57ed 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -1,4 +1,3 @@ - #include #include "mbedtls/x509_csr.h" diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 1e3e26961..ee2cdb7b9 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -//#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "mbedtls/build_info.h" #include "mbedtls/debug.h" #include "mbedtls/platform.h"